cryptodev HW (aesni) vs software
Ivan Klymenko
fidaj at ukr.net
Sun Nov 22 11:03:39 UTC 2015
On Fri, 20 Nov 2015 19:29:20 +0000
RW via freebsd-questions <freebsd-questions at freebsd.org> wrote:
> On Fri, 20 Nov 2015 20:03:25 +0200
> Ivan Klymenko wrote:
>
> > Hello everybody.
> > What's happening?
> >
> > root at nonamehost:/ # openssl speed -evp aes-128-cbc -elapsed -engine
> > cryptodev engine "cryptodev" set.
>
> I'm not really sure what the actual question was, but IIRC you
> shouldn't load cryptodev if the CPU has AES-NI because it gets used by
> default and it's faster to allow openssl to use AES-NI instructions
> directly.
You may not see the problem.
There are two identical server hardware
1) FreeBSD and cryptodev/aesni:
openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 1546914 aes-128-cbc's in 3.05s
Doing aes-128-cbc for 3s on 64 size blocks: 1442599 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 1230228 aes-128-cbc's in 3.05s
Doing aes-128-cbc for 3s on 1024 size blocks: 783365 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 184665 aes-128-cbc's in 3.03s
OpenSSL 1.0.1p-freebsd 9 Jul 2015
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 8123.28k 30695.51k 103364.39k 267388.59k 499060.02k
2) Ubuntu default (aesni module is load):
openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 122663419 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 64 size blocks: 32869514 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 256 size blocks: 8368810 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 2101689
aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 8192 size blocks: 263094 aes-128-cbc's in 3.00s
OpenSSL 1.0.1f 6 Jan 2014
built on: Thu Jun 11 15:28:12 UTC 2015
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 654204.90k 701216.30k 714138.45k 717376.51k 718422.02k
3)FreeBSD and only aesni:
openssl speed -evp aes-128-cbc -elapsed
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-128-cbc for 3s on 16 size blocks: 98895809 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 64 size blocks: 26629435 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 6850987 aes-128-cbc's in 3.02s
Doing aes-128-cbc for 3s on 1024 size blocks: 1719734 aes-128-cbc's in 3.02s
Doing aes-128-cbc for 3s on 8192 size blocks: 215447 aes-128-cbc's in 3.02s
OpenSSL 1.0.1p-freebsd 9 Jul 2015
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128-cbc 526074.33k 566619.04k 580085.64k 583961.07k 583753.37k
I hope the problem has now become more visible?
Thanks!
More information about the freebsd-questions
mailing list